Alerts This Week
Warning Icon 1 1,109
Alerts This Week
Warning Icon 1 1,109

Ubuntu 14.04 LTS USN-5615-3 Moderate: SQLite Denial Of Service

ubuntu
Calendar Grey June 27, 2024
Dist Ubuntu Esm H88
Update for SQLite vulnerabilities on Ubuntu 14.04 LTS, targeting security flaws that may allow unauthorized code execution and system instability.
SQLite could be made to crash or execute arbitrary code.

Summary

SQLite could be made to crash or execute arbitrary code.

Software Description:

- sqlite3: C library that implements an SQL database engine

Details:

USN-5615-1 fixed several vulnerabilities in SQLite. This update provides

the corresponding fix for CVE-2020-35525 for Ubuntu 14.04 LTS.

Original advisory details:

 It was discovered that SQLite incorrectly handled INTERSEC query

 processing. An attacker could use this issue to cause SQLite to crash,

 resulting in a denial of service, or possibly execute arbitrary code.

 (CVE-2020-35525)

 It was discovered that SQLite incorrectly handled ALTER TABLE for views

 that have a nested FROM clause.  An attacker could use this issue to cause

 SQLite to crash, resulting in a denial of service, or possibly execute

 arbitrary code. This issue was only addressed in Ubuntu 20.04 LTS.

 (CVE-2020-35527)

 It was discovered that SQLite incorrectly handled embedded null characters

 when tokenizing cer...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 14.04 LTS
   libsqlite3-0                    3.8.2-1ubuntu2.2+esm4
                                   Available with Ubuntu Pro
   sqlite3                         3.8.2-1ubuntu2.2+esm4
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-5615-3

  https://ubuntu.com/security/notices/USN-5615-1

  CVE-2020-35525

Ubuntu Security Notice USN-5615-3

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here